1f08c3bdfSopenharmony_ci#!/bin/sh 2f08c3bdfSopenharmony_ci# SPDX-License-Identifier: GPL-2.0-or-later 3f08c3bdfSopenharmony_ci# Copyright (c) 2017 FUJITSU LIMITED. All rights reserved. 4f08c3bdfSopenharmony_ci# Author: Xiao Yang <yangx.jy@cn.fujitsu.com> 5f08c3bdfSopenharmony_ci# 6f08c3bdfSopenharmony_ci# Test unshare command with some basic options. 7f08c3bdfSopenharmony_ci# 1) If we run unshare with "--user", UID in the newly created user namespace 8f08c3bdfSopenharmony_ci# is set to 65534. 9f08c3bdfSopenharmony_ci# 2) If we run unshare with "--user", GID in the newly created user namespace 10f08c3bdfSopenharmony_ci# is set to 65534. 11f08c3bdfSopenharmony_ci# 3) If we run with "--user --map-root-user", UID in the newly created user 12f08c3bdfSopenharmony_ci# namespace is set to 0. 13f08c3bdfSopenharmony_ci# 4) If we run with "--user --map-root-user", GID in the newly created user 14f08c3bdfSopenharmony_ci# is set to 0. 15f08c3bdfSopenharmony_ci# 5) If we run with "--mount", mount and unmount events do not propagate to 16f08c3bdfSopenharmony_ci# its parent mount namespace. 17f08c3bdfSopenharmony_ci# 6) If we run with "--mount --propagation shared", mount and unmount events 18f08c3bdfSopenharmony_ci# propagate to its parent mount namespace. 19f08c3bdfSopenharmony_ci# 7) If we run with "--user --map-root-user --mount", mount and unmount events 20f08c3bdfSopenharmony_ci# do not propagate to its parent mount namespace. 21f08c3bdfSopenharmony_ci# 8) Even if we run with "--user --map-root-user --mount --propagation shared", 22f08c3bdfSopenharmony_ci# mount and unmount events do not propagate to its parent mount namespace 23f08c3bdfSopenharmony_ci# because the shared mount is reduced to a slave mount. 24f08c3bdfSopenharmony_ci# 25f08c3bdfSopenharmony_ci# Please see the following URL for detailed information: 26f08c3bdfSopenharmony_ci# http://man7.org/linux/man-pages/man7/user_namespaces.7.html 27f08c3bdfSopenharmony_ci# http://man7.org/linux/man-pages/man7/mount_namespaces.7.html 28f08c3bdfSopenharmony_ci 29f08c3bdfSopenharmony_ciTST_CNT=8 30f08c3bdfSopenharmony_ciTST_SETUP=setup 31f08c3bdfSopenharmony_ciTST_CLEANUP=cleanup 32f08c3bdfSopenharmony_ciTST_TESTFUNC=do_test 33f08c3bdfSopenharmony_ciTST_NEEDS_ROOT=1 34f08c3bdfSopenharmony_ciTST_NEEDS_TMPDIR=1 35f08c3bdfSopenharmony_ciTST_NEEDS_CMDS="unshare id mount umount" 36f08c3bdfSopenharmony_ci 37f08c3bdfSopenharmony_cimax_userns_path="/proc/sys/user/max_user_namespaces" 38f08c3bdfSopenharmony_cimax_mntns_path="/proc/sys/user/max_mnt_namespaces" 39f08c3bdfSopenharmony_cidefault_max_userns=-1 40f08c3bdfSopenharmony_cidefault_max_mntns=-1 41f08c3bdfSopenharmony_ci 42f08c3bdfSopenharmony_cisetup() 43f08c3bdfSopenharmony_ci{ 44f08c3bdfSopenharmony_ci # On some distributions(e.g RHEL7.4), the default value of 45f08c3bdfSopenharmony_ci # max_user_namespaces or max_mnt_namespaces is set to 0. 46f08c3bdfSopenharmony_ci # We need to change the default value to run unshare command. 47f08c3bdfSopenharmony_ci if [ -f "${max_userns_path}" ]; then 48f08c3bdfSopenharmony_ci default_max_userns=$(cat "${max_userns_path}") 49f08c3bdfSopenharmony_ci echo 1024 > "${max_userns_path}" 50f08c3bdfSopenharmony_ci fi 51f08c3bdfSopenharmony_ci 52f08c3bdfSopenharmony_ci if [ -f "${max_mntns_path}" ]; then 53f08c3bdfSopenharmony_ci default_max_mntns=$(cat "${max_mntns_path}") 54f08c3bdfSopenharmony_ci echo 1024 > "${max_mntns_path}" 55f08c3bdfSopenharmony_ci fi 56f08c3bdfSopenharmony_ci 57f08c3bdfSopenharmony_ci mkdir -p dir_A dir_B 58f08c3bdfSopenharmony_ci touch dir_A/A dir_B/B 59f08c3bdfSopenharmony_ci} 60f08c3bdfSopenharmony_ci 61f08c3bdfSopenharmony_cicleanup() 62f08c3bdfSopenharmony_ci{ 63f08c3bdfSopenharmony_ci # Restore the default value to 0. 64f08c3bdfSopenharmony_ci [ ${default_max_userns} -ne -1 ] && \ 65f08c3bdfSopenharmony_ci echo ${default_max_userns} > "${max_userns_path}" 66f08c3bdfSopenharmony_ci [ ${default_max_mntns} -ne -1 ] && \ 67f08c3bdfSopenharmony_ci echo ${default_max_mntns} > "${max_mntns_path}" 68f08c3bdfSopenharmony_ci} 69f08c3bdfSopenharmony_ci 70f08c3bdfSopenharmony_cicheck_id() 71f08c3bdfSopenharmony_ci{ 72f08c3bdfSopenharmony_ci local act_id="$1" 73f08c3bdfSopenharmony_ci local exp_id="$2" 74f08c3bdfSopenharmony_ci local cmd="$3" 75f08c3bdfSopenharmony_ci 76f08c3bdfSopenharmony_ci if [ ${act_id} -ne ${exp_id} ]; then 77f08c3bdfSopenharmony_ci tst_res TFAIL "$cmd got wrong uid/gid" 78f08c3bdfSopenharmony_ci else 79f08c3bdfSopenharmony_ci tst_res TPASS "$cmd got correct uid/gid" 80f08c3bdfSopenharmony_ci fi 81f08c3bdfSopenharmony_ci} 82f08c3bdfSopenharmony_ci 83f08c3bdfSopenharmony_cicheck_mount() 84f08c3bdfSopenharmony_ci{ 85f08c3bdfSopenharmony_ci local tst_dir="$1" 86f08c3bdfSopenharmony_ci local exp_stat="$2" 87f08c3bdfSopenharmony_ci local cmd="$3" 88f08c3bdfSopenharmony_ci 89f08c3bdfSopenharmony_ci case ${exp_stat} in 90f08c3bdfSopenharmony_ci unmounted) 91f08c3bdfSopenharmony_ci if ls "${tst_dir}" | grep -qw 'A'; then 92f08c3bdfSopenharmony_ci tst_res TFAIL "$cmd got bind info" 93f08c3bdfSopenharmony_ci umount ${tst_dir} 94f08c3bdfSopenharmony_ci return 95f08c3bdfSopenharmony_ci fi 96f08c3bdfSopenharmony_ci ;; 97f08c3bdfSopenharmony_ci mounted) 98f08c3bdfSopenharmony_ci if ! ls "${tst_dir}" | grep -qw 'A'; then 99f08c3bdfSopenharmony_ci tst_res TFAIL "$cmd did not get bind info" 100f08c3bdfSopenharmony_ci return 101f08c3bdfSopenharmony_ci fi 102f08c3bdfSopenharmony_ci umount ${tst_dir} 103f08c3bdfSopenharmony_ci ;; 104f08c3bdfSopenharmony_ci esac 105f08c3bdfSopenharmony_ci 106f08c3bdfSopenharmony_ci tst_res TPASS "$cmd got bind info as expected" 107f08c3bdfSopenharmony_ci} 108f08c3bdfSopenharmony_ci 109f08c3bdfSopenharmony_ciunshare_test() 110f08c3bdfSopenharmony_ci{ 111f08c3bdfSopenharmony_ci local unshare_opts="$1" 112f08c3bdfSopenharmony_ci local verify_cmd="$2" 113f08c3bdfSopenharmony_ci local exp_result="$3" 114f08c3bdfSopenharmony_ci 115f08c3bdfSopenharmony_ci local unshare_cmd="unshare ${unshare_opts} ${verify_cmd}" 116f08c3bdfSopenharmony_ci 117f08c3bdfSopenharmony_ci eval ${unshare_cmd} > temp 2>&1 118f08c3bdfSopenharmony_ci if [ $? -ne 0 ]; then 119f08c3bdfSopenharmony_ci # unrecognized option or invalid option is returned if the 120f08c3bdfSopenharmony_ci # option is not supported by unshare command(e.g. RHEL6). 121f08c3bdfSopenharmony_ci # Invalid argument or Operation not permitted is returned 122f08c3bdfSopenharmony_ci # if the feature is not supported by kernel(e.g. RHEL7). 123f08c3bdfSopenharmony_ci grep -q -E "unrecognized option|invalid option|Invalid argument|Operation not permitted" temp 124f08c3bdfSopenharmony_ci if [ $? -eq 0 ]; then 125f08c3bdfSopenharmony_ci tst_res TCONF "${unshare_cmd} not supported." 126f08c3bdfSopenharmony_ci else 127f08c3bdfSopenharmony_ci tst_res TFAIL "${unshare_cmd} failed." 128f08c3bdfSopenharmony_ci fi 129f08c3bdfSopenharmony_ci return 130f08c3bdfSopenharmony_ci fi 131f08c3bdfSopenharmony_ci 132f08c3bdfSopenharmony_ci case ${verify_cmd} in 133f08c3bdfSopenharmony_ci id*) 134f08c3bdfSopenharmony_ci check_id "$(cat temp)" "${exp_result}" "${unshare_cmd}" 135f08c3bdfSopenharmony_ci ;; 136f08c3bdfSopenharmony_ci mount*) 137f08c3bdfSopenharmony_ci check_mount "dir_B" "${exp_result}" "${unshare_cmd}" 138f08c3bdfSopenharmony_ci ;; 139f08c3bdfSopenharmony_ci esac 140f08c3bdfSopenharmony_ci} 141f08c3bdfSopenharmony_ci 142f08c3bdfSopenharmony_cido_test() 143f08c3bdfSopenharmony_ci{ 144f08c3bdfSopenharmony_ci case $1 in 145f08c3bdfSopenharmony_ci 1) unshare_test "--user" "id -u" "65534";; 146f08c3bdfSopenharmony_ci 2) unshare_test "--user" "id -g" "65534";; 147f08c3bdfSopenharmony_ci 3) unshare_test "--user --map-root-user" "id -u" "0";; 148f08c3bdfSopenharmony_ci 4) unshare_test "--user --map-root-user" "id -g" "0";; 149f08c3bdfSopenharmony_ci 5) unshare_test "--mount" "mount --bind dir_A dir_B" "unmounted";; 150f08c3bdfSopenharmony_ci 6) unshare_test "--mount --propagation shared" \ 151f08c3bdfSopenharmony_ci "mount --bind dir_A dir_B" "mounted";; 152f08c3bdfSopenharmony_ci 7) unshare_test "--user --map-root-user --mount" \ 153f08c3bdfSopenharmony_ci "mount --bind dir_A dir_B" "unmounted";; 154f08c3bdfSopenharmony_ci 8) unshare_test "--user --map-root-user --mount --propagation shared" \ 155f08c3bdfSopenharmony_ci "mount --bind dir_A dir_B" "unmounted";; 156f08c3bdfSopenharmony_ci esac 157f08c3bdfSopenharmony_ci} 158f08c3bdfSopenharmony_ci 159f08c3bdfSopenharmony_ci. tst_test.sh 160f08c3bdfSopenharmony_citst_run 161